(In reply to Daniel Veditz [:dveditz] from comment #5) > Gijs, Neil: would it make sense to treat drag and drop of an external protocol differently than dragging a "web" link? Or maybe we should be asking about launching external protocols every time, even if the user manually entered it (since they might not understand what someone told them to type)? The second option here (asking every time we load an external protocol, if it's not done with a web protocol), is bug 1828334. As I explained there (bug 1828334 comment 5), not doing so is a relatively recent change, because we made it so people opening these urls by e.g. clicking links on webpages would get 1 prompt instead of 2 (used to be protocol choice prompt + permission prompt, now just permission prompt), and as a side effect that meant such urls when opened directly in the browser (so with system principal) would not prompt at all (because you don't need a permission prompt). We could go back to prompting to confirm (at least the first time such a URL is used) relatively straightforwardly (by not skipping the protocol choice prompt for system principal users; users could still check a checkbox to always open such links and then there wouldn't be prompts in these cases). I asked you there whether you wanted to do that, but I think the question got lost. :-) Should I assume that you asking the question means we should indeed make that change? And do you want to treat this bug separately or just dupe it over? A more limited change might be trying to funnel through the original webpage's content principal for opening decisions on these links, which would be more correct but wouldn't fix the copy/paste or manual re-typing case. As you said, I doubt people really understand some of these URLs so I'm not so inclined to spend time on that.
Bug 1844788 Comment 7 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Daniel Veditz [:dveditz] from comment #5) > Gijs, Neil: would it make sense to treat drag and drop of an external protocol differently than dragging a "web" link? Or maybe we should be asking about launching external protocols every time, even if the user manually entered it (since they might not understand what someone told them to type)? The second option here (asking every time we load an external protocol, if it's not done with a web principal), is bug 1828334. As I explained there (bug 1828334 comment 5), not doing so is a relatively recent change, because we made it so people opening these urls by e.g. clicking links on webpages would get 1 prompt instead of 2 (used to be protocol choice prompt + permission prompt, now just permission prompt), and as a side effect that meant such urls when opened directly in the browser (so with system principal) would not prompt at all (because you don't need a permission prompt). We could go back to prompting to confirm (at least the first time such a URL is used) relatively straightforwardly (by not skipping the protocol choice prompt for system principal users; users could still check a checkbox to always open such links and then there wouldn't be prompts in these cases). I asked you there whether you wanted to do that, but I think the question got lost. :-) Should I assume that you asking the question means we should indeed make that change? And do you want to treat this bug separately or just dupe it over? A more limited change might be trying to funnel through the original webpage's content principal for opening decisions on these links, which would be more correct but wouldn't fix the copy/paste or manual re-typing case. As you said, I doubt people really understand some of these URLs so I'm not so inclined to spend time on that.
(In reply to Daniel Veditz [:dveditz] from comment #5) > Gijs, Neil: would it make sense to treat drag and drop of an external protocol differently than dragging a "web" link? Or maybe we should be asking about launching external protocols every time, even if the user manually entered it (since they might not understand what someone told them to type)? The second option here (asking every time we load an external protocol, if it's not done with a web principal), is bug 1828334. As I explained there (bug 1828334 comment 5), not doing so is a relatively recent change, because we made it so people opening these urls by e.g. clicking links on webpages would get 1 prompt instead of 2 (used to be protocol choice prompt + permission prompt, now just permission prompt), and as a side effect that meant such urls when opened directly in the browser (so with system principal) would not prompt at all (because you don't need a permission prompt). We could go back to prompting to confirm (at least the first time such a URL is used) relatively straightforwardly (by not skipping the protocol choice prompt for system principal users; users could still check a checkbox to approve opening such links on a per-protocol basis, and then there wouldn't be prompts in these cases). I asked you there whether you wanted to do that, but I think the question got lost. :-) Should I assume that you asking the question means we should indeed make that change? And do you want to treat this bug separately or just dupe it over? A more limited change might be trying to funnel through the original webpage's content principal for opening decisions on these links, which would be more correct but wouldn't fix the copy/paste or manual re-typing case. As you said, I doubt people really understand some of these URLs so I'm not so inclined to spend time on that.